DDOS Attack in ASP.NET with State Server Session

gorex1

New Member
Cant find this issue anywhere... Using ASP.NET 3.5, I have 3 web servers, in a web farm, using ASP.NET State Server (on a different Server).All pages Uses session (they read and do update the session)Issue: my pages are prone to DDOS attack, it so easy to attack, just go to any page, and HOLD down 'F5' key for 30-60 seconds, and the request will pile up in all web servers.I read, that if you make multiple call to session each will LOCK the session, hence the other request has to wait to get the same user's session, this waiting, ultimately causes DDOS.OUR solution has been pretty primitive, from preventing (master page, custom control) to call session and only allow the page to call, to adding javascript that disable's F5 key.I just realize ASP.NET with session is prone to such DDOS attacks!!Anyone faced similar issue? any global/elegant solution? please do shareThanks
 
Back
Top